Closed
Bug 23007
Opened 25 years ago
Closed 25 years ago
incorrect URL crash browser (malformed TABLE elements)
Categories
(Core :: Layout: Tables, defect, P3)
Tracking
()
People
(Reporter: mkl_mozilla, Assigned: harishd)
References
()
Details
Attached html code crash browser M12 on Linux and also on Windows 95.
<HTML><HEAD><TITLE>I will crash you!!!</TITLE></HEAD>
<BODY>
<TABLE border=1><TBODY>
<TR><TD><CENTER>
<TABLE border=1><TBODY>
<TR><TH>TEXT</TH><TD>some text</TD></TR>
</TD></TR>here must be something</CENTER></TD>
</TBODY>
</TABLE>
</TD></TR>
</TBODY></TABLE>
</BODY>
</HTML>
crash message from windows
Aplikace MOZILLA zpùsobila neplatnost stránky
v modulu GKHTML.DLL na adrese 014f:601c3785.
Registry:
EAX=01168d5c CS=014f EIP=601c3785 EFLGS=00010296
EBX=01159400 SS=0157 ESP=0063f674 EBP=0063f6a0
ECX=00000000 DS=0157 ESI=01163240 FS=11c7
EDX=00000000 ES=0157 EDI=00000000 GS=0000
Bajty v CS:EIP:
8b 07 89 4d f0 ff 90 a8 00 00 00 8b 4e 18 8b 56
Výpis zásobníku:
00000000 00000000 01163bc0 01159400 601c3b49 010b47d8 00000071 00000013
00000003 007246c8 00000000 0063f6e8 601c51cd 01163bc0 01163bc0 602b8060
|
||
Updated•25 years ago
|
Assignee: nobody → karnaze
URL: http://netmag.cz → http://netmag.cz
Severity: major → critical
Component: Browser-General → HTMLTables
Summary: incorrect URL crash browser → incorrect URL crash browser (malformed TABLE elements)
|
|
||
Comment 1•25 years ago
|
||
kluka@centrum.cz : Thanks for the excellent test case! This also 2000010308 win95. Passing to karnaze/HTMLTables (although perhaps it's Parser that needs to eject the gunk from the table).
|
||
Updated•25 years ago
|
Assignee: karnaze → harishd
|
|
||
Comment 2•25 years ago
|
||
Reassigning to Harish based on the stack.
SinkContext::CloseContainer(const nsIParserNode & {...}) line 1247 + 3 bytes
HTMLContentSink::CloseContainer(HTMLContentSink * const 0x01b3fbd0, const
nsIParserNode & {...}) line 2777 + 15 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x01b34940, nsHTMLTag eHTMLTag_td,
int 0) line 2972 + 31 bytes
CNavDTD::CloseContainersTo(int 5, nsHTMLTag eHTMLTag_td, int 0) line 3008 + 20
bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_td, int 0) line 3160 + 20 bytes
CNavDTD::HandleEndToken(CToken * 0x01b170d0) line 1657 + 20 bytes
CNavDTD::HandleToken(CNavDTD * const 0x01b13200, CToken * 0x01b170d0, nsIParser
* 0x01b3fda0) line 804 + 12 bytes
CNavDTD::HandleSavedTokens(int 6) line 1729 + 23 bytes
CNavDTD::HandleOmittedTag(CToken * 0x01b172f0, nsHTMLTag eHTMLTag_text,
nsHTMLTag eHTMLTag_tbody, nsIParserNode * 0x01b34250) line 1307 + 12 bytes
CNavDTD::HandleDefaultStartToken(CToken * 0x01b172f0, nsHTMLTag eHTMLTag_text,
nsIParserNode * 0x01b34250) line 1055 + 24 bytes
CNavDTD::HandleStartToken(CToken * 0x01b172f0) line 1423 + 22 bytes
CNavDTD::HandleToken(CNavDTD * const 0x01b13200, CToken * 0x01b172f0, nsIParser
* 0x01b3fda0) line 801 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x01b13200, nsIParser * 0x01b3fda0,
nsITokenizer * 0x01b13180, nsITokenObserver * 0x00000000, nsIContentSink *
0x01b3fbd0) line 568 + 20 bytes
nsParser::BuildModel() line 1039 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 963 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x01b3fda4, nsIChannel * 0x01b3cea0,
nsISupports * 0x00000000, nsIInputStream * 0x01b3c928, unsigned int 0, unsigned
int 397) line 1333 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x01b3c2c0,
nsIChannel * 0x01b3cea0, nsISupports * 0x00000000, nsIInputStream * 0x01b3c928,
unsigned int 0, unsigned int 397) line 232 + 46 bytes
nsFileChannel::OnDataAvailable(nsFileChannel * const 0x01b3cea4, nsIChannel *
0x01b3cd00, nsISupports * 0x00000000, nsIInputStream * 0x01b3c928, unsigned int
0, unsigned int 397) line 510 + 49 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x01b38360)
line 370
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x01b3c8d0) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x01b3c8d0) line 522 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c7e340) line 483 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00010496, unsigned int 49301, unsigned int 0,
long 13099840) line 951 + 9 bytes
USER32! DispatchMessageWorker@8 + 135 bytes
USER32! DispatchMessageA@4 + 11 bytes
nsNativeViewerApp::Run() line 76
main(int 1, char * * 0x00be15c0) line 137 + 11 bytes
mainCRTStartup() line 338 + 17 bytes
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Thanks for the test case. *** This bug has been marked as a duplicate of 20797 ***
You need to log in
before you can comment on or make changes to this bug.
Description
•